使用 SpringAMQP 时,RabbitMQ SSL 导致握手失败 [英] RabbitMQ SSL giving handshake failure when using SpringAMQP
问题描述
我使用以下配置安装了rabbitMQ
<预><代码>[{兔子, [{ssl_listeners, [5671]},{ssl_options, [{cacertfile,"C:\\dev\\rabbitcert\\testca\\cacert.pem"},{certfile,"C:\\dev\\rabbitcert\\server\\cert.pem"},{keyfile,"C:\\dev\\rabbitcert\\server\\key.pem"},{验证,verify_peer},{fail_if_no_peer_cert,false}]}]}].我正在实例化连接工厂(数据替换为虚拟):
私有静态ConnectionFactory getConnectionFactoryForQueue(){com.rabbitmq.client.ConnectionFactory connectionFactory = new com.rabbitmq.client.ConnectionFactory();connectionFactory.setUsername("用户");connectionFactory.setHost("MyIpAddress.0.1.1");connectionFactory.setPassword("pass");connectionFactory.setPort(5671);connectionFactory.setVirtualHost("/");SsmProtos.SSLDetails ssl = listener.getSslDetails();char[] keyPassphrase = "keyPassPhrase".toCharArray();尝试 {KeyStore ks = KeyStore.getInstance("PKCS12");ks.load(new FileInputStream("path/to/keycert.p12"), keyPassphrase);KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");kmf.init(ks, keyPassphrase);char[] trustPassphrase = "trustPassPhrase".toCharArray();KeyStore tks = KeyStore.getInstance("JKS");tks.load(new FileInputStream("path/to/trust/store"), trustPassphrase);TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");tmf.init(tks);SSLContext c = SSLContext.getInstance("SSLv3");c.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);connectionFactory.useSslProtocol(c);} catch (NoSuchAlgorithmException | CertificateException | IOException |UnrecoverableKeyException |密钥库异常 |密钥管理异常 e) {throw new IllegalArgumentException("设置 SSL 失败",e);}返回新的缓存连接工厂(连接工厂);}
当我尝试连接时,我从 Java 端收到以下错误
遇到的错误:在类 com.ixaris.ssm.server.service.ServerConfiguration 中定义名称为getSsmRequestAmqpAdmin"的 bean 创建时出错:bean 实例化失败;嵌套异常是 org.springframework.beans.factory.BeanDefinitionStoreException:工厂方法 [public org.springframework.amqp.core.AmqpAdmin com.ixaris.ssm.shared.busobject.ServerInfoConfiguration.getSsmRequestAmqpAdmin()] 抛出异常;嵌套异常是 org.springframework.amqp.AmqpIOException:java.net.SocketException:软件导致连接中止:recv 失败org.springframework.beans.factory.BeanCreationException:在 com.ixaris.ssm.server.service.ServerConfiguration 类中定义的名称为getSsmRequestAmqpAdmin"的 bean 创建时出错:bean 实例化失败;嵌套异常是 org.springframework.beans.factory.BeanDefinitionStoreException:工厂方法 [public org.springframework.amqp.core.AmqpAdmin com.ixaris.ssm.shared.busobject.ServerInfoConfiguration.getSsmRequestAmqpAdmin()] 抛出异常;嵌套异常是 org.springframework.amqp.AmqpIOException:java.net.SocketException:软件导致连接中止:recv 失败在 org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:597)在 org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateUsingFactoryMethod(AbstractAutowireCapableBeanFactory.java:1094)引起:org.springframework.beans.factory.BeanDefinitionStoreException:工厂方法[public org.springframework.amqp.core.AmqpAdmin com.ixaris.ssm.shared.busobject.ServerInfoConfiguration.getSsmRequestAmqpAdmin()]抛出异常;嵌套异常是 org.springframework.amqp.AmqpIOException:java.net.SocketException:软件导致连接中止:recv 失败在 org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:188)在 org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:586)引起:org.springframework.amqp.AmqpIOException:java.net.SocketException:软件导致连接中止:recv failed在 org.springframework.amqp.rabbit.support.RabbitExceptionTranslator.convertRabbitAccessException(RabbitExceptionTranslator.java:63)在 org.springframework.amqp.rabbit.connection.AbstractConnectionFactory.createBareConnection(AbstractConnectionFactory.java:195)引起:java.net.SocketException:软件导致连接中止:接收失败在 java.net.SocketInputStream.socketRead0(本机方法)在 java.net.SocketInputStream.read(SocketInputStream.java:150)
rabbitMQ 日志中出现以下内容(192.168.24.75 是我的 IP)
=信息报告==== 2014 年 8 月 14 日::11:25:07 ===接受 AMQP 连接 <0.272.0>(192.168.24.75:49860 -> 192.168.24.75:5671)=错误报告==== 2014 年 8 月 14 日::11:25:08 ===SSL:证明:ssl_handshake.erl:1391:致命错误:握手失败=错误报告==== 2014 年 8 月 14 日::11:25:13 ===AMQP 连接 <0.272.0> 上的错误:{ssl_upgrade_error,{tls_alert,"握手失败"}}
目前应用程序和队列都在我的机器上.我在防火墙上打开了 TCP 端口 5671 和 5672.
我错过了什么吗?
问题不在于代码,而在于我的 Keycert 的路径我使用的是服务器证书而不是客户端证书.
I have rabbitMQ installed using the following configuration
[
{rabbit, [
{ssl_listeners, [5671]},
{ssl_options, [{cacertfile,"C:\\dev\\rabbitcert\\testca\\cacert.pem"},
{certfile,"C:\\dev\\rabbitcert\\server\\cert.pem"},
{keyfile,"C:\\dev\\rabbitcert\\server\\key.pem"},
{verify,verify_peer},
{fail_if_no_peer_cert,false}]}
]}
].
And i am Instantiating the Connection Factory as such (data replaced with dummy):
private static ConnectionFactory getConnectionFactoryForQueue(){
com.rabbitmq.client.ConnectionFactory connectionFactory = new com.rabbitmq.client.ConnectionFactory();
connectionFactory.setUsername("user");
connectionFactory.setHost("MyIpAddress.0.1.1");
connectionFactory.setPassword("pass");
connectionFactory.setPort(5671);
connectionFactory.setVirtualHost("/");
SsmProtos.SSLDetails ssl = listener.getSslDetails();
char[] keyPassphrase = "keyPassPhrase".toCharArray();
try {
KeyStore ks = KeyStore.getInstance("PKCS12");
ks.load(new FileInputStream("path/to/keycert.p12"), keyPassphrase);
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
kmf.init(ks, keyPassphrase);
char[] trustPassphrase = "trustPassPhrase".toCharArray();
KeyStore tks = KeyStore.getInstance("JKS");
tks.load(new FileInputStream("path/to/trust/store"), trustPassphrase);
TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
tmf.init(tks);
SSLContext c = SSLContext.getInstance("SSLv3");
c.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
connectionFactory.useSslProtocol(c);
} catch (NoSuchAlgorithmException | CertificateException | IOException |
UnrecoverableKeyException | KeyStoreException | KeyManagementException e) {
throw new IllegalArgumentException("Failed Setting up SSL",e);
}
return new CachingConnectionFactory(connectionFactory);
}
When I try to connect I get the following error from the Java side
Errors encountered:Error creating bean with name 'getSsmRequestAmqpAdmin' defined in class com.ixaris.ssm.server.service.ServerConfiguration: Instantiation of bean failed; nested exception is org.springframework.beans.factory.BeanDefinitionStoreException: Factory method [public org.springframework.amqp.core.AmqpAdmin com.ixaris.ssm.shared.busobject.ServerInfoConfiguration.getSsmRequestAmqpAdmin()] threw exception; nested exception is org.springframework.amqp.AmqpIOException: java.net.SocketException: Software caused connection abort: recv failed
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'getSsmRequestAmqpAdmin' defined in class com.ixaris.ssm.server.service.ServerConfiguration: Instantiation of bean failed; nested exception is org.springframework.beans.factory.BeanDefinitionStoreException: Factory method [public org.springframework.amqp.core.AmqpAdmin com.ixaris.ssm.shared.busobject.ServerInfoConfiguration.getSsmRequestAmqpAdmin()] threw exception; nested exception is org.springframework.amqp.AmqpIOException: java.net.SocketException: Software caused connection abort: recv failed
at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:597)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateUsingFactoryMethod(AbstractAutowireCapableBeanFactory.java:1094)
Caused by: org.springframework.beans.factory.BeanDefinitionStoreException: Factory method [public org.springframework.amqp.core.AmqpAdmin com.ixaris.ssm.shared.busobject.ServerInfoConfiguration.getSsmRequestAmqpAdmin()] threw exception; nested exception is org.springframework.amqp.AmqpIOException: java.net.SocketException: Software caused connection abort: recv failed
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:188)
at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:586)
Caused by: org.springframework.amqp.AmqpIOException: java.net.SocketException: Software caused connection abort: recv failed
at org.springframework.amqp.rabbit.support.RabbitExceptionTranslator.convertRabbitAccessException(RabbitExceptionTranslator.java:63)
at org.springframework.amqp.rabbit.connection.AbstractConnectionFactory.createBareConnection(AbstractConnectionFactory.java:195)
Caused by: java.net.SocketException: Software caused connection abort: recv failed
at java.net.SocketInputStream.socketRead0(Native Method)
at java.net.SocketInputStream.read(SocketInputStream.java:150)
And the following appears on the rabbitMQ Logs (192.168.24.75 is my IP)
=INFO REPORT==== 14-Aug-2014::11:25:07 ===
accepting AMQP connection <0.272.0> (192.168.24.75:49860 -> 192.168.24.75:5671)
=ERROR REPORT==== 14-Aug-2014::11:25:08 ===
SSL: certify: ssl_handshake.erl:1391:Fatal error: handshake failure
=ERROR REPORT==== 14-Aug-2014::11:25:13 ===
error on AMQP connection <0.272.0>:
{ssl_upgrade_error,{tls_alert,"handshake failure"}}
Both the application and the queue are on my machine at the moment. I have opened up TCP ports 5671 and 5672 on my firewall.
Am I missing something?
The issue was not in that code, but rather with the path to my Keycert I was using the Server Certificate rather than the Client Certificate.
这篇关于使用 SpringAMQP 时,RabbitMQ SSL 导致握手失败的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!